I do not allow my users to create Mail Hosts, but I have a Mail Host object available in the root for everyone to use. Right now, I even allow Anonymous to use it (so that users don't need to turn on proxy roles anytime they want to send mail.) I wonder if this is a risk, though. Can non-users (authors) get to my system (via XML-RPC?) and send mail this way? I'm also concerned about setting sender information for the outgoing mail. I'd like to always use the ID of the owner of the calling method as the sender. Is this something I can do already with a standard Mail Host? Should/Could I do this by modifying Mail Host or is it likely that this functionality might be standard soon. Is there another way that I should consider? Thank you. --kyler